Thursday, December 19, 2019

The Child Sexual Exploitation Kill Chain, Introduction

The kill chain originates as a military approach to conducting an attack against targets. In one of the military models, the chain consists of find, fix, track, target, engage and assess. This concept has been adapted to cybersecurity by the Lockheed Martin Corporation. This kill chain consists of reconnaissance, weaponization, delivery, exploitation, installation, “command and control” and “actions on objectives”. The cyber kill chain was developed as a guide for network defenders to provide the phases of attack against a computer network. By knowing and understanding the phases of attack the defenders can provide specific defenses against specific parts of the kill chain. The goal is to break the chain as early as possible in the attack.

It is clear that more people than ever in more ways than ever are after children for their own sexual pleasure. The people of GOD must make moves to protect their children. As the culture becomes more deviant more of these attacks will take place. In Matthew 10:16 the LORD tells his disciples that they must be wise as serpents and harmless as doves. We live in a hostile environment where there is an ongoing war for your children and sexual exploitation is just one front of this war. The guidance that the LORD gave to his disciples in the book of Matthew also applies to the people of GOD in this day and age.

During my reading and research on child sexual exploitation, a pattern of phases became evident. I noticed the same phases in books, news reports, personal accounts of victims and found confirmation of this pattern in the Deviant Behavior academic journal. The article is titled Stages of Sexual Grooming: Recognizing Potentially Predatory Behaviors of Child Molesters. The phases or kill chain for child sexual exploitation are select, access, trust, desensitize and dominate. This kill chain does not apply to a situation such as a child being kidnapped and raped. It simply lists the phases that result in a child being manipulated into performing sexual acts. The goal of the kill chain approach is to provide a simple and systematic approach to detect and defend children from those who would sexually abuse them.

During this blog series, we will explore each phase of the kill chain by examining how a predator may operate in each phase, clues that a defender could look for and methods that could be used to stop an attack. Our next blog will focus on the select phase of the kill chain.

Tuesday, December 13, 2016

Christians, we must continue to petition our LORD for Aleppo and Syria!

My Bible reading, vocation and hobby provide me with an interesting view of the world. By day I am a Threat Exploit Researcher. This involves investigating known vulnerabilities, malware and attacks against networks. My findings are documented and the methods that are used to perform and detect the malicious activity are highlighted. Using this information, we are able to write detection rules that can be used to alert or block the malicious activity. In my free time, I consider myself a Cybercrime Researcher. This involves me collecting information from multiple social media platforms, IRC channels and darknets. I am able to learn the tools, techniques and procedures used by malicious actors. Sometimes, I find information that looks to have been stolen by hackers. Other times, I have come across discussions about live network attacks in progress.     
One of big issues that show up nightly on my radar has been the Aleppo crisis. This crisis has been reported on multiple social media platforms and has been in our news daily. For months I have come across pictures and video of the fighting, bombed out buildings, injured and dead people and people who are struggling to survive. Men, women and children are all suffering in Aleppo and all over Syria. People have died in their beds because the building there were in had collapsed on them due to the bombs dropped from planes. I have seen fighters going to war without essential equipment like shoes. The delayed and sanitized images feed to us by our news media does not do justice to the extreme situation these people face everyday.    
On December 12th, a cease-fire agreement was signed that would allows the civilians and rebel fighters to leave the city of Aleppo. Usually, cease-fires are very temporary and quickly broken. Almost immediately, I was reading reports of groups already violating the agreement. We must continue to petition our LORD and Savior Jesus Christ for the people of Aleppo and of Syria. This is just one of the many places around the world that are always in a constant state of war. There is so much to petition our LORD for and all this is very overwhelming. It is very easy to turn a blind eye to it all but we cannot do this. Pray and be obedient to what the LORD tells you to do.     

Wednesday, September 28, 2016

Not a Victim

I recently visited Belfast in the Northern Ireland part of the United Kingdom. This was my second trip to the area and it is a beautiful part of the world. The area is rich in history, has many beautiful people and places along with one pub for every 25 people. Just as I had previously, I stayed in the city center which is just a stones throw from city hall and within walking distance to my employer’s security research and headquarters.
Some of my coworkers and I were walking to a pub that would be hosting the after hours party thrown by my employer. Along the way we passed a gentleman sitting on the ground and asking for money. I happened to be walking with my Cold Steel Walkabout Walking Stick. Seeing this, the gentleman asked me if I had hurt my leg. I said no, my leg is ok. We continued in friendly conversation and I explained that I carried no cash and asked him if there is anything I could get for him. He said he wanted some hot tea.
Since this is the UK, tea is as plentiful as beer and water so this was an easy request to fulfill, no problem. I went to the nearest convenience store, get hot water, sugar and 5 different flavors of tea because I failed to ask what flavor he wanted. I bring back the tea and we continue with more friendly conversation.
Him: Are you Christians?
Me: Yes.
Him: Where are you from?
Me: The United States.

As the conversation continues it becomes disturbing to me. He starts discussing the victimization of black people by the hands of the police in America. I sat there, listened, smiled and nodded my head as I took it all in. I was not willing to debate the topic with this gentleman on the streets of Belfast. He was kind, I believe that he was truly concerned but I believe that he was also largely misinformed.
Even more recently, I am told that the United Nation says that African Americans are owed reparations for slavery. The UN called it the legacy “racial terrorism”. I am an American of African descent with an Irish name. Does this mean I get double because history says the Irish were also enslaved? Should I start going after the English for this portion of the payment? What about my native american heritage? Do I get some form of payment for this also?
I agree that those who were enslaved are due payment. This would be just and right but it cannot happen now. GOD almighty placed me in this space at this time. I enjoy the benefits of being in this country because many of my ancestors suffered, sacrificed and probably died struggling to overcome the persecution. I am not due their payment and I cannot blame my current problems on what someone else’s ancestors did to my ancestors. This imperfect but still great country that GOD has placed me in only owes me what has been defined by the Constitution of the United States.
I understand that as a country we have a horrible past as far as the relation between persons of African heritage and persons of European heritage are concerned. I also understand that the current situation is not perfect. It is far from perfect! Maybe I am looking too much into this? Maybe I have some pride issues that I need to deal with? I really do not like people believing that I am a victim just because of the color of my skin. I am made in the image and likeness of GOD, I am an over comer and not a victim.

I am designed to overcome and to fight life through.If you see me, no matter the situation, whether I am wealthy or poor, on top of the world or in the gutter. Please do not think of me as a victim. I may even be victimized, but my victimization does not make me a victim.  

Thursday, March 31, 2016

Serving Neighbors, Serving God!

It has to be said and something must be done. All Lives Matter, abortion is wrong and guns are not evil but some people are. We as a country should take Frederic Douglas's advice about what should be done about us black men. 

“Let him alone! If you see him on his way to school, let him alone, don’t disturb him! If you see him going to the dinner-table at a hotel, let him go! If you see him going to the ballot-box, let him alone, don’t disturb him! If you see him going into a work-shop, just let him alone,—your interference is doing him a positive injury.” 

We men need to dedicate ourselves to GOD and reclaim our families and neighborhoods from these government programs that have weakened our resolve to provide for and protect those that GOD has given to us. I believe that Jesus is LORD and the founding of this country was based on Christian principles and values.

I am a follower of Christ, a dedicated husband to my wife and a loving father to my children. I am also a Patriot who loves the United States of America... warts and all! 

Our country is in serious trouble and I am doing what I know to do. Get involved and fix what I can and encourage others to do the same. I have been elected as a Delegate to represent my neighbors at the Texas GOP State Convention. 

The convention is being held from Thursday May 12th to Saturday May 14th in Dallas TX.

I will be traveling from the Houston area and I need your prayers. I also need my neighbors help to cover the cost of travel and lodging. Any funds raised over the needed expense will be allocated to traveling to the GOP National Convention if I am elected as a Delegate or an Alternate. 

I promise to stand for the GODLY principles that have made this country great. I promise to help defend the Constitution of the United States of America. I promise to do all I can to fix all I can and get others involved to do the same. I promise to serve my neighbors and to serve GOD.

Thank you for your prayers for strength and boldness! Also, if you choose, thank you for your financial help! All gifts can be sent using GoFundMe at the link below.

Sunday, August 2, 2015

Next time they just may take your email! Part 1

In September of 2014 lawyers representing the City of Houston subpoenaed local pastors to provide documents related to the Houston Equal Rights Ordinance. On page 11 of the subpoena, the definitions and instructions are explained. The third bullet point includes the following.

”The terms include, but are not limited to, emails, instant messages, text messages,…”

After protest, meetings and discussions involving people with different thoughts of the legislation the subpoena request was cancelled. However, the topic of this particular blog is not to discuss the Houston Equal Rights Ordinance. My focus will be on email message encryption, why it is important and how it affects you.

In the Stored Wire and Electronic Communications and Transactional Records Access section 2703 it states the following in sections A and B.

"(a) Contents of Wire or Electronic Communications in Electronic Storage.— A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

b) Contents of Wire or Electronic Communications in a Remote Computing Service.
(1) A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection—
(A) without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or
(B) with prior notice from the governmental entity to the subscriber or customer if the governmental entity—
(i) uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or
(ii) obtains a court order for such disclosure under subsection (d) of this section;
except that delayed notice may be given pursuant to section 2705 of this title.”

Simply put, if your email is over 180 days old and it is still available on the server, all the government needs is to issue a subpoena. With a warrant the standard of probable cause needs to be met. Also, a judge is needed to issue a warrant. These requirements may not need to be met in regards to a subpoena.    

Encrypting your email messages is important because it helps protect your right to privacy. This is done by making your email messages difficult to read by unwanted users. Even if the government or an unwanted third party were to access your messages they would need to have access to the key needed to decrypt the messages.

A brute force attack can be performed to decrypt the message so it is very important that the strongest encryption is used. With today’s technology it would take many years to decrypt a message that uses strong encryption. The more encrypted messages that you send and receive the better the system will work. 

In Matthew 10:16 Jesus says “I am sending you out like sheep among wolves. Therefore be as shrewd as snakes and as innocent as doves.” It is wise to learn how to properly use these tools. In part two of this article we will discuss the usage of Pretty Good Privacy (PGP) and how it works to help protect your privacy.


Subpoena by the City of Houston

Stored Wire and Electronic Communications and Transactional Records Access section 2703

Wednesday, July 22, 2015

What does the Ashley Madison Hack have to do with the Christian Church.

The Ashley Madison website, back-end databases and possibly its internal network were compromised by hackers calling themselves “The Impact Team” for an unknown period of time. The hackers happen to make themselves known over the weekend. It is unknown how the attack had occurred but 37 million user’s information, company financial data and detailed network information were stolen from the network. Also, the front page of their website was defaced. Samples of the stolen user accounts have been posted online but quickly removed via take down request. There is no guarantee that the data will not be placed online again.

The attack has exposed many millions of men and women desiring to have an affair. Additionally, their names, addresses, credit card numbers and other personal and identifiable information concerning their customers were stolen. Even past customer that paid to have all their information removed from the Ashley Madison system had their information stolen because their information was never removed as advertised. On the surface everything looks to be back to normal at Ashley Madison but behind the scenes they are recovering and working with law enforcement to track down the hackers.

What does this have to do with the Church of Jesus Christ? If the data is released it is likely that people who are hurt will shows up at churches looking for council and healing. Others may need help getting on their feet after going through a costly divorce. Confronting these issues are very important and the church needs to be involved but this is not the focus of this post. During my research of the issue I have seen that many people were supportive of the breech because the site helps people cheat on their spouses. People did not like the idea of helping people commit these acts.

It is clear that people are not in agreement with many of the views of the Christian Church. It is possible that an attack like this can happen to a church. Smaller attacks that defaced websites or steal banking information to transfer funds to overseas accounts have already been done. What would happen if your congregation database were stolen? Would this expose your parishioners to fraud? Do you keep a database of people in Celebrate Recovery? This could be very embarrassing for you and the congregant.

No matter the size of your church if you are keeping and maintaining any kind of database, website or computer network this information must be protected. It must be protected from insider and outsider threats. Many of the Christian’s views make the church a target and it must be prepared. In the coming weeks and months I will be posting some of the things that you can do to reduce the risk of a successful attack and lessen the impact of those attacks that are successful.   

Friday, June 19, 2015

Tinba has been Updated, Armored and Attacking European Banks.

The Tinba (Tiny Banker) Trojan has been updated, armored and is attacking European banks. When initially discovered in 2012 the Tinba Trojan weighed in 20KB and was known as the worlds smallest banking Trojan. Its small size made the Trojan fast and hard to detect. The newest version comes into the battle at 10 times the size or 200KB. The size increase is caused by the additional powerful capabilities added to this Banking Trojan. These capabilities include social engineering techniques, sandbox evasion, CnC authentication and encrypted communications just to name a few.
One of the more fascinating features of this Trojan is the infrastructure built for it. First, the use of encryption is done between the CnC server and Trojan itself. This makes it difficult for law enforcement or security researchers to spoof communications. Additionally, if the built in CnC servers are unavailable the Trojan can use its an algorithm to generate 1000s of possible backup domains as possible host to connect to. If the criminal gang behind the infrastructure were to lose access to the CnC servers they would just need to bring up servers with domain names that would meet the criteria of the algorithm. Last but certainly not least the same infrastructure used to host this Trojan is also hosting other malware. This infrastructure is resilient, powerful and simply amazing!     
If you happen to become infected with this beast it will spring into action once you log into targeted site. It starts by launching webinjects customized for the bank requesting login credentials, personal information or permission to transfer funds. It may also warn you that extra money has been accidentally transferred into your account and it must be refunded immediately.
This Trojan is very powerful and is highly customizable to fit the location and language of the target. The latest version has been customized to target European banks and their customers. Due to the fast pace of change concerning this threat any opportunity must be taken to lower the risk of a successful attack.
What you need to know and do.                
This Trojan has been seen delivered by the Rig Exploit Kit.
Keep your OS and applications updated.
Pay attention to unusual request and changes when you do your online banking, when in any doubt contact your financial institution.